You are not logged in.

#1 2016-04-04 12:27:02

mfc_alpha
Member
Registered: 2016-04-04
Posts: 2

Ssl and ipv6

Hello,

I cannot access aur and it seems that it's a SSL issue with IPv6.

curl -v https://aur.archlinux.org/                                                                                                                                                                           
*   Trying 2a01:4f8:160:3033::2...
* Connected to aur.archlinux.org (2a01:4f8:160:3033::2) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
STAY STUCK HERE

But forcing ipv4 (curl -4 -v https://aur.archlinux.org/ ) work fine
And ipv6 ping work fine too (ping 2a01:4f8:160:3033::2)

Any idea ?

Thanks !

Offline

#2 2016-04-05 12:27:51

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: Ssl and ipv6

Below is partial output of that command on my system.
It does look like the "Server hello" reply doesn't reach your system.

Maybe it's blocked by a firewall or proxy ?


$ curl -v https://aur.archlinux.org/
*   Trying 2a01:4f8:160:3033::2...
* Connected to aur.archlinux.org (2a01:4f8:160:3033::2) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=luna.archlinux.org
*  start date: Mar 20 08:13:00 2016 GMT
*  expire date: Jun 18 08:13:00 2016 GMT
*  subjectAltName: host "aur.archlinux.org" matched cert's "aur.archlinux.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X1
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: aur.archlinux.org
> User-Agent: curl/7.48.0
> Accept: */*

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#3 2016-04-06 13:04:46

mfc_alpha
Member
Registered: 2016-04-04
Posts: 2

Re: Ssl and ipv6

That's a good point.
My router is not supposed to do any fancy things but people have already express some issue like this.

Thanks for the help

Offline

#4 2016-04-21 20:36:45

fosskers
Member
Registered: 2012-02-21
Posts: 167
Website

Re: Ssl and ipv6

I'm having a similar issue. I have very spotty connections when making RPC calls to the AUR. Accessing any no other *.archlinux.org page is fine.

A user of mine in Europe was having no such trouble, and he reported his browser always dealt in ipv4. My browser (and computer in general) seem to use ipv6 to access the AUR.

Any ideas?

EDIT: Interesting, it took me several minutes and many retries to get this to post. I thinking it's a similar issue. Also see: https://bbs.archlinux.org/viewtopic.php?id=206820

Last edited by fosskers (2016-04-21 20:37:40)


Author of Aura

Offline

Board footer

Powered by FluxBB